
Symbian: Protect your data, not just your device


Lisa Phifer, contributing writer
05.21.2008


As handheld devices become more common, protecting the data stored on them becomes a primary concern. Fortunately, mobile operating systems now include security features that enterprises can use to enforce corporate policies. In this series, we explore data protection on today's most popular handheld devices, starting with Symbian.

Global impact
According to In-Stat, Symbian leads the smartphone operating system field with almost 70% of the global market, while the biggest Symbian player -- Nokia -- continues to out-ship every other wireless handset vendor. It therefore comes as no surprise that Symbian was targeted by the first significant mobile malware outbreak.

When SymbianOS.Cabir emerged back in June 2004, mobile vendors were put on notice that handhelds had matured sufficiently to lure attackers. Cabir was a simple worm that posed as the Caribe Security Manager utility, but it implanted malicious code that spread to other Nokia Series 60 devices over Bluetooth. Shortly thereafter, sibling Mabir exploited the Multimedia Messaging Service (MMS) in a similar fashion. Although these worms did no real damage, they showed how unprotected those handheld devices and their data were.

Taking responsibility
In Cabir's aftermath, all major mobile operating systems were overhauled to incorporate protection features that prevented malware from overwriting sensitive files, including privileged OS components and device data.

First came Symbian-Signed, a program whereby registered software publishers could digitally sign applications that had been tested by a Symbian-accredited test house. This program has undergone revision to make signing less onerous for smaller developers. Today, there are three Symbian-Signed levels: Open-Signed (limited/internal use), Express-Signed (self-tested), and Certified-Signed (independently tested).

All three levels use digital signatures to bind software to publisher identities. Express-Signed and Certified-Signed programs must use Publisher IDs issued by TC TrustCenter, the official Certificate Authority for the Symbian-Signed program. The objective is to enable third-party software development while giving users a reliable way to identify software origin and trustworthy publishers.

Hardening the platform
Symbian 9 built upon this foundation by implementing Platform Security -- an architecture designed to restrict or block unauthorized access to APIs and data. Platform Security replaces the old "all or nothing" execution environment, where every installed program had unfettered access to everything else on a Symbian handheld. Instead, Capability Management now controls the access rights afforded to each running process, while Data Caging confines each process to its own part of the file system.

On Symbian 9.x devices, signed executables are tagged with capabilities that can be permitted or denied at run-time, based on configured policies. Full API and file system privileges are reserved for the Trusted Computing Base (i.e., the kernel, file system, and software installer). System privileges grant Trusted Computing System servers like messaging selective access to device data, network interfaces, and power management. Finally, there are basic privileges, like the ability to read and write user data, use network services, and determine device location, which can be configured by users.

Capability Management is not impervious to hacks, but it helps Symbian devices resist unauthorized software installation, maintain system integrity, and lock down sensitive operations and data. To further protect data, capabilities are combined with Data Caging -- a straightforward way of keeping code, read-only public data, and per-application private data strictly separated. For example, files in the /resource directory are visible to all processes but can be deleted or changed only by the Trusted Computing Base. However, the files within each /private/SID directory are hidden from executables other than the one associated with a given SID (Secure Identifier).
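The Data Caging rules just described can be modeled as a small access-decision function. This is an added illustration, not Symbian code or part of the original tip: the function names and sample SIDs are constructed, and the \sys rules and the use of the AllFiles capability to reach another application's private directory go beyond the article's text and are included as assumptions about the platform's documented design.

```python
import posixpath

def normalize(path):
    """Canonicalise a Symbian-style path before any policy check:
    unify slashes, drop the drive letter, resolve '..', fold case."""
    p = path.replace("\\", "/")
    if len(p) >= 2 and p[1] == ":":          # strip a drive prefix such as C:
        p = p[2:]
    return posixpath.normpath("/" + p.lstrip("/")).lower()

def caging_allows(sid, caps, path, op):
    """Decide whether a process with Secure ID `sid` and capability set
    `caps` may perform `op` ('read' or 'write') on `path`."""
    parts = normalize(path).strip("/").split("/")
    top = parts[0]
    if top == "sys":                         # assumption: binaries live here
        return ("TCB" if op == "write" else "AllFiles") in caps
    if top == "resource":                    # public read-only data
        return op == "read" or "TCB" in caps
    if top == "private":                     # per-application private data
        owner = parts[1] if len(parts) > 1 else None
        return owner == "%08x" % sid or "AllFiles" in caps
    return True                              # everything else is uncaged

# Constructed sample SIDs for two hypothetical applications.
MAIL_APP = 0x10204ABC
OTHER_APP = 0x20001111

def demo():
    inbox = r"C:\private\10204ABC\inbox.db"
    sneaky = r"C:\private\20001111\..\10204abc\inbox.db"   # traversal attempt
    return {
        "owner_write": caging_allows(MAIL_APP, set(), inbox, "write"),
        "other_read": caging_allows(OTHER_APP, set(), inbox, "read"),
        "traversal": caging_allows(OTHER_APP, set(), sneaky, "read"),
        "res_read": caging_allows(OTHER_APP, set(), r"Z:\resource\apps\x.rsc", "read"),
        "res_write": caging_allows(OTHER_APP, set(), r"Z:\resource\apps\x.rsc", "write"),
        "tcb_res_write": caging_allows(OTHER_APP, {"TCB"}, r"Z:\resource\apps\x.rsc", "write"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, "ALLOW" if allowed else "DENY")
```

The check runs on the normalized path, so a request that starts in the caller's own private directory and climbs out with ".." is evaluated against the directory it actually lands in.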

Encrypting data
Symbian Platform Security is concerned with controlling API and data access but not with maintaining data confidentiality. The Symbian operating system does indeed implement several encryption algorithms, including DES, 3DES, RC2, RC4, RC5 and AES. The operating system does not, however, automatically encrypt folders, files or messages. Deciding whether and how data should be encrypted falls to each application.

For example, enterprises that require cryptographic protection for email messages may choose to send them over TLS, IPsec or another encrypted channel. If TLS is chosen, a Symbian device can use built-in functions to encrypt the IMAP or POP3 messages exchanged with each configured mail server. But those mail messages and file attachments stored on a Symbian device will not remain encrypted "at rest" unless a third-party stored data encryption solution is installed and configured to do so.

Many such programs are commercially available for Symbian handhelds, from basic standalone programs that individuals can use to encrypt passwords and credit card numbers, to centrally managed enterprise file/folder encryption solutions. To learn more about third-party programs for Symbian devices (including data encryption programs), consult your carrier or device manufacturer, or search a Symbian software website like www.my-symbian.com or www.phonesymbian.com.

About the author: Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.

